Service chains for inter-cloud traffic
First Claim
1. A method comprising:
- receiving, via a network device, from one or more endpoints on a private network site, domain name system (DNS) queries associated with respective cloud domains;
- based on the DNS queries, collecting DNS information associated with the respective cloud domains;
- spoofing, via the network device, DNS entries associated with the respective cloud domains to yield spoofed DNS entries, the spoofed DNS entries defining a reduced number of IP addresses for each respective cloud domain, wherein the reduced number of IP addresses is smaller than a total number of IP addresses allocated to the respective cloud domain, and wherein the reduced number of IP addresses comprises one or more respective IP addresses identified in the collected DNS information;
- based on the spoofed DNS entries, creating, via the network device, respective IP-to-domain mappings for the respective cloud domains, wherein each respective IP-to-domain mapping associates the respective cloud domain with an IP address from the reduced number of IP addresses associated with the respective cloud domain;
- based on the respective IP-to-domain mappings, programming, on the network device, respective service chains for traffic between the private network site and the respective cloud domains, wherein each respective service chain is programmed via one or more policies configured to route, through the respective service chain, traffic having source information associated with the private network site and destination information matching the IP address in the respective IP-to-domain mapping associated with the respective cloud domain; and
- in response to receiving traffic having source information associated with the private network site and destination information matching the IP address in the respective IP-to-domain mapping associated with the respective cloud domain, routing the traffic through the respective service chain based on the one or more policies associated with the respective service chain.
Abstract
Systems, methods, and computer-readable media for creating service chains for inter-cloud traffic. In some examples, a system receives domain name system (DNS) queries associated with cloud domains and collects DNS information associated with the cloud domains. The system spoofs DNS entries defining a subset of IPs for each cloud domain. Based on the spoofed DNS entries, the system creates IP-to-domain mappings associating each cloud domain with a respective IP from the subset of IPs. Based on the IP-to-domain mappings, the system programs different service chains for traffic between a private network and respective cloud domains. The system routes, through the respective service chain, traffic having a source associated with the private network and a destination matching the IP in the respective IP-to-domain mapping.
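The mechanism in the abstract (collect DNS answers, return a reduced spoofed answer, record IP-to-domain mappings, program source/destination policies, steer matching flows) modelled as an added Python example; this is not the patent's or any vendor's code. The class name ServiceChainDevice, the chain names, the sample domains and the 203.0.113.x / 198.51.100.x addresses are assumptions constructed for the example; it also covers the edge case of an address already mapped to a different cloud domain, which the abstract does not spell out.

```python
import ipaddress
from collections import defaultdict


class ServiceChainDevice:
    """Model of the abstract's network device (hypothetical name): collects DNS
    answers for cloud domains, returns a reduced (spoofed) answer, records
    IP-to-domain mappings, and steers site-to-cloud flows into per-domain chains."""

    def __init__(self, site_prefix, chain_for_domain, max_ips=2):
        self.site = ipaddress.ip_network(site_prefix)   # private network site
        self.chain_for_domain = chain_for_domain         # cloud domain -> chain name
        self.max_ips = max_ips                           # size of the reduced answer
        self.dns_info = defaultdict(set)                 # collected DNS information
        self.ip_to_domain = {}                           # spoofed IP -> cloud domain
        self.policies = []                               # (dst IP, chain) match rules

    def resolve(self, domain, upstream_ips):
        """Collect the upstream answer; for a steered cloud domain return a reduced
        answer drawn from the collected IPs and program mapping plus policy."""
        self.dns_info[domain].update(upstream_ips)
        if domain not in self.chain_for_domain:
            return list(upstream_ips)                    # not a steered cloud domain
        # Keep IPs already mapped to this domain so policies stay stable as the upstream
        # answer rotates; an IP mapped to another domain (shared front end) is skipped.
        keep = [ip for ip in upstream_ips if self.ip_to_domain.get(ip) == domain]
        fresh = sorted((ip for ip in upstream_ips if ip not in self.ip_to_domain),
                       key=ipaddress.ip_address)
        reduced = sorted((keep + fresh)[: self.max_ips], key=ipaddress.ip_address)
        for ip in reduced:
            if ip not in self.ip_to_domain:              # new IP-to-domain mapping
                self.ip_to_domain[ip] = domain
                self.policies.append((ip, self.chain_for_domain[domain]))
        return reduced

    def route(self, src, dst):
        """Site source + destination matching a mapping -> that domain's chain.
        Anything else (other source, or an IP outside the reduced set) is default."""
        if ipaddress.ip_address(src) not in self.site:
            return "default"
        for dst_ip, chain in self.policies:
            if dst == dst_ip:
                return chain
        return "default"


if __name__ == "__main__":
    dev = ServiceChainDevice("10.1.0.0/16", {"storage.cloud-a.example": "chain-a"})  # constructed sample
    print(dev.resolve("storage.cloud-a.example", ["203.0.113.40", "203.0.113.10", "203.0.113.30"]))
    print(dev.route("10.1.2.3", "203.0.113.10"), dev.route("10.1.2.3", "203.0.113.40"))
```

A flow to a cloud IP outside the reduced set (an endpoint using its own resolver or a cached answer) falls through to the default path, which is the bypass a defender would monitor for; if every upstream IP is already mapped to another domain the reduced answer is empty, so a real device needs a fallback for shared front ends.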
344 Citations
20 Claims
1. A method comprising: the steps recited under First Claim above.
- Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A network device comprising:
- one or more processors; and
- at least one computer-readable storage medium having stored therein instructions which, when executed by the one or more processors, cause the network device to:
- receive, from one or more endpoints on a private network site, domain name system (DNS) queries associated with respective cloud domains;
- based on the DNS queries, collect DNS information associated with the respective cloud domains;
- spoof DNS entries associated with the respective cloud domains to yield spoofed DNS entries, the spoofed DNS entries defining a reduced number of IP addresses for each respective cloud domain, wherein the reduced number of IP addresses is smaller than a total number of IP addresses allocated to the respective cloud domain, and wherein the reduced number of IP addresses comprises one or more respective IP addresses identified in the collected DNS information;
- based on the spoofed DNS entries, create respective IP-to-domain mappings for the respective cloud domains, wherein each respective IP-to-domain mapping associates the respective cloud domain with an IP address from the reduced number of IP addresses associated with the respective cloud domain;
- based on the respective IP-to-domain mappings, program, on the network device, respective service chains for traffic between the private network site and the respective cloud domains, wherein each respective service chain is programmed via one or more policies configured to route, through the respective service chain, traffic having source information associated with the private network site and destination information matching the IP address in the respective IP-to-domain mapping associated with the respective cloud domain; and
- in response to receiving traffic having source information associated with the private network site and destination information matching the IP address in the respective IP-to-domain mapping associated with the respective cloud domain, route the traffic through the respective service chain based on the one or more policies associated with the respective service chain.
- Dependent claims: 13, 14, 15, 16
17. A non-transitory computer-readable storage medium having stored therein instructions which, when executed by one or more processors, cause a network device to:
- receive, from one or more endpoints on a private network site, domain name system (DNS) queries associated with respective cloud domains;
- based on the DNS queries, collect DNS information associated with the respective cloud domains;
- alter DNS entries associated with the respective cloud domains to yield altered DNS entries, the altered DNS entries defining a reduced number of IP addresses for each respective cloud domain, the reduced number of IP addresses being smaller than a total number of IP addresses allocated to the respective cloud domain, wherein the reduced number of IP addresses comprises one or more respective IP addresses identified in the collected DNS information;
- based on the altered DNS entries, create respective IP-to-domain mappings for the respective cloud domains, wherein each respective IP-to-domain mapping associates the respective cloud domain with an IP address from the reduced number of IP addresses associated with the respective cloud domain;
- based on the respective IP-to-domain mappings, program respective service chains for traffic between the private network site and the respective cloud domains, wherein each respective service chain is programmed via one or more policies configured to route, through the respective service chain, traffic having source information associated with the private network site and destination information matching the IP address in the respective IP-to-domain mapping associated with the respective cloud domain; and
- in response to receiving traffic having source information associated with the private network site and destination information matching the IP address in the respective IP-to-domain mapping associated with the respective cloud domain, route the traffic through the respective service chain based on the one or more policies associated with the respective service chain.
- Dependent claims: 18, 19, 20
Specification